Scribd
Upload
415 views22 pages

Overview of Intrusion Detection Systems

This document provides an overview of intrusion detection systems (IDS). It discusses the history of IDS, defining what an IDS is and explaining that an IDS tries to detect policy violations. It outlines different types of violations, detection methods, and IDS types including network-based and host-based. Issues with IDS are mentioned along with an example application of using ontology servers to split data across multiple subservers for increased security. Future enhancements and references are also included at the end.

Uploaded by

Sourabha Adisesh
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
415 views22 pages

Overview of Intrusion Detection Systems

This document provides an overview of intrusion detection systems (IDS). It discusses the history of IDS, defining what an IDS is and explaining that an IDS tries to detect policy violations. It outlines different types of violations, detection methods, and IDS types including network-based and host-based. Issues with IDS are mentioned along with an example application of using ontology servers to split data across multiple subservers for increased security. Future enhancements and references are also included at the end.

Uploaded by

Sourabha Adisesh
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Intrusion Detection System

presented by,
GURUMUNI M
1JV07CS013

1
AGENDA
History.
WHAT’S AN IDS?
Security and Roles
Types of Violations.
Types of Detection
Types of IDS.
IDS issues.
Application.
History:
1970s - Observation by administrators
When an account is used
When/how much a resource is used

Early 1980s – Usage models


First proposed by Anderson (1980)
Based on accounting logs
Login frequency, volume data processed, etc.
Batch processing; not real time
What’s an IDS?
Any set of actions that attempt to compromise the
confidentiality, integrity, or availability of a computer
resource is called as ids.

Term is overloaded

Trying to detect a policy violation

4
COMPUTER SECURITY AND ROLES:
 Confidentiality: Transforming data such that only
authorized parties can decode it.
Authentication: Proving or disproving someone’s or
something’s claimed identity.
Integrity checking: Ensuring that data cannot be
modified without such modification .
being detectable
Non – repudiation: Proving that a source of some
data did in fact send data that he might later deny
sending
5
TYPES OF VIOLATIONS:
Attack
Attempts to exploit a vulnerability
Ex: denial of service, privilege escalation
Intrusion
Acts as another legitimate user
Misuse
User abuses privileges
Often called the “insider threat”

6
TYPES OF DETECTION:
Misuse detection
Built with knowledge of “bad” behaviors
Collection of signatures
Examine event stream for signature match

Anomaly detection
Built with knowledge of “normal” behaviors
Examine event stream for deviations from normal

7
SOME OF THE HACKING TOOLS:

8
Types of IDS
Primary Types:
Network IDS (NIDS)
Host IDS (HIDS)

Hybrid Types:
Per-Host Network IDS (PH-NIDS)
Load Balanced Network IDS (LB-NIDS)
Firewall IDS (FW-IDS)

9
NETWORK BASED (Advantages)
Can get information quickly without any
reconfiguration of computers.

Does not affect network or data sources

Monitor and detects in real time networks attacks or


misuses

Does not create system overhead


NETWORK BASED (Disavantages)
Cannot scan protocols if the data is encrypted

Hard to implement on fully switched networks

Has difficulties sustaining network with a very large


bandwidth
Naïve Simulation Network

Target Host

Test
Network

Attack
Attack Stream NIDS
Generator

12
What’s HAPPENING?
IN THE ABOVE FIG THERE ARE THREE COMPUTERS
1.TARGET HOST : IT IS ALSO A MAIN COMPUTER
AND CLIENT IS WORKING IN IT.

2.ATTACK GENERATOR : IT IS ALSO A CLIENT SIDE


COMPUTER BUT IT IS USED BY ATTACKER.

3.NIDS : IT MEANS NAÏVE SYSTEM USING THIS


SYSTEM THE HACKER TRIES TO HACK THE DATA
PRESENT IN TARGET HOST.
13
IDS ISSUES:
 Lack of Physical Wires

 Bandwidth Issues

 Difficulty of Anomaly and Normality Distinction

 Possibility of a Node Being Compromised

14
ONTOLOGY SERVERS

ONTOLOGY IS AN MEDICAL APPROACH WHICH IS


IMPLEMENTED IN NETWORKS PLATFORM.

ONE OF THE APPROACH WHERE WE CAN PROVIDE HIGH


SECURITY IS BY USING ONTOLOGY SERVERS.

15
HOW IT WORKS?

 WENEVER THE DATA IS PRESENT IN ONE OR TWO SERVERS,THE


WORK BECOMES EASY FOR AN HACKER TO HACK THOSE DATA.

SO WAT ONTOLOGY SERVER DOES IS,IT SPLITS THE DATA


PRESENT IN MAIN SERVER TO FOUR SUB SERVERS.

16
CONTD……
SO WENEVER HACKER HACKS ANY SUBSERVER HE
WILL GET ONLY PARTIAL INFORMATION WHICH HE
CANNOT ENCRYPT OR DECRYPT IT.

IF SUPPOSE CLIENT SENDS AN API TO SERVER TO


SEND THE DATA WHICH IT SENT THEN THE MAIN
SERVER WILL SEND THE API’S TO SUBSERVER GATHER
THE INFORMATION AND SENDS IT BACK TO CLIENT.

17
ADVANTAGES:
1.IT PROVIDES HIGH SECURITY.
2.DATA LOSS IS LESS.

DIS ADVANTAGES:
1.TIME TAKEN IS MORE AND COST IS HIGH.
2.NEEDS MANY NUMBER OF SYSTEMS.

18
Conclusion:
BY MAKING USE OF ABOVE APPROACH WE CAN
PROVIDE HIGH SECURITY TO ANY EXISTING
SYSTEM.

WE CAN AVOID INTRUDERS INTRUDING THE


DATA.

19
FUTURE ENHANCEMENT:
There is a need for a COMPETENT analyst
Need someone that can fine tune the IDS in order to
avoid false positive or false negative
Must subscribe to popular advisories and security
newsletters such as bugtraq, CERT, GIAC, SANS, and
others
REFERENCES:
[1] Lidong Z., Zygmunt J. H., “Securing ad hoc
networks”, IEEE Network, Vol. 13,
No. 6, 1999, pp. 24-30.
[2] Sundaram A., "An Introduction to Intrusion
Detection",
http://www.acm.org/crossroads/xrds2-4/intrus.html
[3] Arbaugh W., Shankar N., Wan Y.C.J., “Your 802.11
Wireless Network Has No
Clothes”, University of Maryland, 30-Mar-2001.
 
21
THANK YOU

22

You might also like